Ask Your Question
0

Problem with local/password login

asked 2011-04-28 20:58:37 -0500

Benoit gravatar image

updated 2011-04-28 20:59:56 -0500

There is a problem in the way authentication for provider_name=='local' with method=password works. When doing this specific authentication, we retrieve the existing user object by matching the username entered and the "screen name".

If someone changes the "screen name" on their profile, the username for the login would change. This would cause confusion.

It probably would be better to do something like ldap/openid where we decouple the login username (stored in UserAssociation's openid_url field) from the screen name (stored in the user's username field).

Of course, now saving the password becomes an issue :)

Just an FYI...This is not something that's an issue for us

edit retag flag offensive close merge delete

Comments

is this really a bug that should be fixed? not sure... Maybe give user a message that their login name has changed once they change the screen name? On most sites I see login name is the same as screen name, but most do not allow to change it.
Evgeny gravatar imageEvgeny ( 2011-05-02 13:09:07 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2011-04-28 22:15:54 -0500

Evgeny gravatar image

There is a setting - "Allow changing screen name" - if it is set to "False", then this is not a problem.

If the login name and screen name are different, and the user wants password authentication, then there may be confusion - the user can forget the login name...

What is the standard out there? Fixed screen name == login name or separate login and screen names?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2011-04-28 20:58:37 -0500

Seen: 125 times

Last updated: Apr 28 '11